Generally when a user requires access to a secure environment, such as a secure webpage, authentication of the user is required prior to granting access to the secure environment. A number of methods currently exist.
A very common technique is to request the user to provide a user identity and password. In most instances, the user identity and password are encrypted and transferred to a server processing system for user authentication. Problems exist with this type of authentication technique. For example, malicious software (i.e. keylogging software) operating on a terminal can log the user input, wherein the captured user identity and password can be maliciously used in later fraudulent activities.
Biometric authentication techniques have also been used to authenticate a user requesting access to a secure environment. However, as biometric features of a user cannot be altered, there are significant drawbacks in the event that the biometric feature(s) of the user has been compromised.
Physical tokens such as smart cards and the like have also been used as a means to authenticate a user requesting access to a secure environment. However, such devices are inconvenient to a user who may not carry the device with them at all times, and do not actually confirm that the user presenting the physical token is actually the correct user requesting authentication, merely that the device was present at the moment of authentication.